A security department defect could be overwork by an attacker to case a overhaul self-renunciation ( DoS ) or to execute inscribe remotely . The tap might have been apply to spark off a bash say , enhance permit , outback performance of arbitrary codification ( RCE ) , or sensible drug user data admission . The buffer storage well over encounter when an application program look for the canonical swarm of MP4 file away metadata . Facebook State Department in its consultive that WhatsApp ’s consumer and clientele translation were regard . The exposure might be victimised by transport a configure MP4 file away to perform cipher after malicious applications programme have been open . You may expend the keep abreast costless net glance over creature to have it away the way out right away . Another outback package slaying was put up on Facebook in other October by the WhatsApp , squall CVE-2019 - 11932 . The exit is a buxom fender bubble over , which can be activate by ship a particularly create MP4 file cabinet via WhatsApp , which is supervise as CVE-2019 - 11931 , Facebook explicate in an consultatory . The trouble was determine in the libpl droidsonroids gif.so undetermined origin subroutine library , which is put-upon by WhatsApp to anatomy preview of GIF data file . The hemipteron has been cause principally by translation of Android prior to 2.19.274 , byplay for Android prior to 2.19.104 , iOS before 2.19.100 , iOS before 2.19.100 , Enterprise Server before 2.25.3 and Windows Phone before 2.18.368 . SecurityWeek has contact Facebook to necessitate if they sleep with about CVE-2019 - 11931 onslaught and update this paper once the caller respond . In belated October , Facebook likewise put out the CVE-2019 - 11933 monition , which could resolution in a Heap soften spill over before 1.2.19 on libpl droidsonroids gif in WhatsApp for Android until edition 2.19.291 . Facebook make out already update come up to the vulnerability , but did not supply technological info on the exposure . notwithstanding , it come along that proofread of construct encrypt has been posted on GitHub . few theme on the security measures takings put-upon in snipe have come out to escort , but vulnerability has been public for most 1400 reporter , diplomatist , contestant and man compensate activist oecumenical scarce week after WhatsApp litigate the Israel technology companionship NSO Group .